Summary
The purpose of this section is to describe the newly implemented solution for a secure containerized RDK build on the emulator. This implementation was done with reference to the Raspberry Pi platform.
The intent of this page is to serve as a walk-through of all the relevant information present in the section.
Detailed organization
The section is organized into two main subsections, as follows:
Most of the information is in Implementation details, which is organized as follows:
- Containers layer - meta-rdk-containers: this subsection has all the information about the new layer, meta-rdk-containers, that was created to support all configurations, recipes, scripts, etc. about containers.
- Build-time containers framework: this subsection describes how the new framework for building containers at build time is implemented. It focuses on the following topics:
- Layer configurations: brief description of the configurations for the new layer, including the new machine to generate secure containerized builds (qemux86hybsecure).
- Secure bitbake targets: new bitbake targets/images and needed packagegroups to generate secure containerized builds (e.g., rdk-generic-hybrid-lxc-image).
- Support files: this page describes some "minor" changes, usually to existing recipes, to support the secure containers build, such as adding support for the new machine, applying patches, etc.
- TDK containerized emulator build: describes the configurations added to the containerized emulator build to enable the TDK agent and allow running TDK tests.
- TDK add-ons: describes some changes applied to the secure build for the TDK to work properly.
- TDK Test Results - non-containerized hybrid emulator VS containerized hybrid emulator
This section also has some tutorials explaining how to use the new layer and the new framework to create new containers - "how to's":
- Network configuration: this subsection has all the information about the network configuration needed to fully support a secure containerized build. It focuses on:
- Bridge setup: describes the main network configuration of the emulator.
- Hosts: describes changes made to hosts file (/etc/hosts) to facilitate the support of "network capable" containers.
- iptables: describes how firewall/redirect/NAT rules are applied with the iptables tool to support containers.
Implemented containers is updated with all containers that are already implemented. Currently, the following ones are available:
- dbus: runs dbus processes;
- rmfserv: runs rmfstreamer;
- rdk-base: runs most of RDK processes, except the ones that are already running in a separate container.
Some patches are applied to existing code to support the secure containerized build. The full list of patches is available in Containers.
repo init -u https://code.rdkcentral.com/r/manifests -b rdk-next -m rdkv-asp-extsrc.xml
repo sync --no-tags
source meta-cmf-bsp-emulator/setup-environment
meta-rdk-containers/conf/machine/qemux86hybsecure.conf
bitbake rdk-generic-hybrid-lxc-image